1. Field
Embodiments described herein generally relate to access control for database management systems, and more particularly to controlling privileges in a database management system.
2. Background
Most database management systems are administered by a small set of privileged users, sometimes referred to as super users. These super users are typically granted various privileges needed to administer a database, such as the privilege to create a table in the database, or the privilege to remove a user's access to the database. The union of all super users' privileges represents all administrative privileges in a database management system.
Many database management systems also include a database administrator (DBA) account, with unlimited power over the database. The DBA often possesses the privilege to reset a user's password. The DBA also possesses the privilege to impersonate another user's account. Although these privileges are very useful, the functions they enable cannot be performed if the DBA account or administrator is unavailable. Additionally, in some instances, a particular user may need only a subset of the functionality possessed by the DBA account, but granting the full functionality of the DBA account may present a security risk.